One of the things we talked about last week in our “The Downside of 0% Infosec Unemployment” post is people obtaining quick certs to get into the high-demand security industry. Non-security-savvy companies looking to hire qualified infosec pros in this lucrative market need to be on the lookout for people passing themselves off as security experts just to get into the infosec field.
Although they have their place, I’ve always had mixed feelings on certifications. On one hand, they sorta show that you have a base knowledge of things and help you get through HR screening. But then, depending on the cert, this may just mean memorizing enough to pass a multiple choice exam. From an interviewer’s perspective, I usually don’t have to worry about looking at these candidates, as HR has hopefully already filtered out the great unwashed masses.
On the other hand, there are definitely some good certs out there that actually make you show you know what you are talking about. Depending on the opening, these are certifications that I’ll take into consideration during the interview. Keep in mind, though, that even these credentials are still a small part of the big picture I consider. And if I’m impressed enough I may even focus the interview on these “show me” certs … so you better know what you’re talking about. Also, some organizations have lined up a series of certifications that provide a type of “training plan” or “career path” from basic to advanced. Depending on where you are in your career, these types of certs may add some value or guide your planning.
So that addresses certifications themselves. However, another thing to consider is the people getting these certifications. There are these people I refer to as “cert junkies.” Yes, you may have come across one of these guys in your day job. They usually have about 15 sets of letters after their name. The funny thing is that I usually have no clue what about 90% of these certifications are. Even though I may look at them and roll my eyes, I secretly feel a little anxious. Am I missing something? Are they going to get a better job than me? Will their next raise be higher than mine because they memorized some info and passed one of those fill-in-the-bubble exams? (I guess they do those things on computers nowadays, right? Filling out the little bubbles was cool though.)
This hidden anxiety flows nicely into an article on DarkReading this past week that states peer pressure is the main reason why many of us get certifications. The conclusion was based on a study by Information Security Leaders’ Lee Kushner and Mike Murray. Yes, my nervousness has driven me to succumb to this as well. I do have plans to obtain a certain certification this year … even though I don’t need it to do my job. It’s just that everyone else in my office has it. And I wouldn’t want to get passed over just because of that.
Anyway, here is part of the DarkReading article for your reading pleasure. Beyond the main conclusion, there are some interesting stats you may want to check out. Lee and Mike will be presenting the full survey results during their “InfoSec 2011 — A Career Odyssey” workshop at BlackHat next week.
Most security professionals attain security certifications for fear that if they don’t have one, they’ll be passed over in favor of those who do.
And most believe that holding a certification directly influenced their job advancement — all of this according to the results of a new survey that will be disclosed next week at Black Hat USA in Las Vegas. Some 54 percent of the 1,350 IT security pros who participated in “The Value of Information Security Certifications Survey” said that they were either promoted or got another job based on their security certification status, while some 46 percent said they were not.